git-echo
ae515ecb3a
All checks were successful
CI/CD Pipeline / Code Format (push) Successful in 4s
CI/CD Pipeline / Clippy Lints (push) Successful in 43s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m12s
CI/CD Pipeline / Security Audit (push) Successful in 4s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m14s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 1m8s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Successful in 2m26s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m33s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m37s
CI/CD Pipeline / Build Debian Package (push) Successful in 2m15s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m31s
1.5 KiB
1.5 KiB
Security Policy
Supported Versions
Only the latest release is currently supported with security updates.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
Reporting a Vulnerability
Do not report security vulnerabilities through public GitHub Issues.
Instead, use GitHub's private vulnerability reporting:
👉 Report a vulnerability for Linux-Patch-Api
This allows us to coordinate a fix before public disclosure.
Response Timeline
- Acknowledgment within 48 hours
- Initial assessment within 7 days
- Ongoing updates on remediation progress
Disclosure Policy
We follow coordinated disclosure:
- We ask for 90 days before public disclosure of a vulnerability
- Security advisories are published via GitHub Security Advisories
- We will work with you to determine an appropriate disclosure timeline when a fix requires more time
Security Best Practices
This project is a security tool — we hold ourselves to a high standard:
- Signed commits: All commits must be signed (SSH signing)
- CI enforcement: All PRs require passing CI checks (fmt, clippy, test, audit, build)
- Dependency auditing:
cargo auditruns in CI to catch known vulnerabilities
Credit
Contributors who responsibly report vulnerabilities will be credited in the corresponding GitHub Security Advisory.